Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/4jQpdP7_DqtfVlN877AXJEvZiJw.roa
File:                     4jQpdP7_DqtfVlN877AXJEvZiJw.roa (raw, json)
Hash identifier:          H0lOUhu5YhW2ABFt1Slm4iU6i1WVwttZlOiXpFeQys0=
Subject key identifier:   E2:34:29:74:FE:FF:0E:AB:5F:56:53:7C:EF:B0:17:24:4B:D9:88:9C
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       019CD30B7C8169D5CEEAE902643ACE6101D1
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/4jQpdP7_DqtfVlN877AXJEvZiJw.roa
Signing time:             Mon 09 Mar 2026 14:41:11 +0000
ROA not before:           Mon 09 Mar 2026 14:41:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     135120
IP address blocks:        147.90.2.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 11 Mar 2026 06:19:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:d3:0b:7c:81:69:d5:ce:ea:e9:02:64:3a:ce:61:01:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Mar  9 14:41:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e2342974feff0eab5f56537cefb017244bd9889c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:cb:ea:f0:41:d2:14:aa:b7:36:67:12:4b:f3:
                    80:d9:12:12:84:c9:01:64:d9:2f:39:64:37:c8:e9:
                    15:5c:f1:a3:f0:9b:91:4e:59:23:53:9d:50:71:8c:
                    5b:0a:da:93:fa:6b:3a:51:01:d6:73:a2:a0:3e:aa:
                    6d:01:b2:69:86:a9:dd:be:e6:ad:93:ef:dc:49:c0:
                    20:3e:03:af:f1:09:4d:74:33:5a:a3:6e:33:d6:ed:
                    e2:2e:ba:f1:68:bf:16:d8:6d:e1:0e:51:b3:6b:c8:
                    ce:c0:1f:95:48:90:e7:5c:7a:9f:01:5a:7b:a7:60:
                    19:89:03:84:8a:37:d4:83:6e:29:af:e1:c5:c6:a6:
                    55:a0:0c:69:27:2d:c1:b8:10:8d:da:39:b1:b8:2d:
                    5c:2e:0c:15:36:ff:4f:be:89:f9:e9:a8:b8:ff:a4:
                    5f:ad:28:78:94:43:57:2d:f3:38:d8:40:e2:dc:2e:
                    75:e1:43:b9:f2:04:6d:30:31:29:f6:4e:2d:0a:18:
                    5f:cb:7d:64:ca:e0:d2:a4:58:a3:b4:ac:b5:cd:6c:
                    4e:44:17:03:bf:a8:7e:be:16:9b:76:1f:20:e3:6d:
                    64:6f:65:c0:6b:c0:2f:8d:62:91:c8:31:b5:55:c7:
                    81:c4:43:01:6e:55:5f:7b:da:c3:37:c7:1d:25:ec:
                    92:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:34:29:74:FE:FF:0E:AB:5F:56:53:7C:EF:B0:17:24:4B:D9:88:9C
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/4jQpdP7_DqtfVlN877AXJEvZiJw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.90.2.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b9:75:d4:b0:65:6f:a5:4e:da:95:76:42:ad:2b:0b:c7:7f:8e:
         94:d5:75:f5:ff:81:8e:41:14:f3:36:14:3a:56:c6:ca:8d:66:
         24:6c:8c:9f:2a:69:c8:0c:c7:35:8d:86:90:a7:f7:95:86:6e:
         84:50:5b:6d:29:56:c7:52:71:2b:9c:ca:79:af:7e:f3:d6:f2:
         83:09:fb:2d:8d:b1:40:88:25:d3:6f:07:ea:23:13:be:0b:6a:
         4b:c7:8c:4d:57:78:0f:c3:b6:70:5f:f3:aa:95:09:09:82:96:
         67:a7:c0:b9:57:48:c5:69:45:84:50:a6:fd:d0:a8:67:f0:33:
         2e:f2:41:53:df:b1:d6:75:85:ce:a3:2e:b5:cb:c6:f2:1c:79:
         e4:71:c0:b5:18:06:08:0f:07:a2:f3:27:d3:b3:f1:0c:30:03:
         98:01:ac:60:f0:d0:85:66:f4:e6:24:14:d9:48:74:49:fb:48:
         43:9f:19:7d:36:fc:7c:fe:9d:3e:55:89:8d:c2:56:fa:62:71:
         c4:03:50:12:b7:0f:73:7e:82:bc:b5:db:12:df:26:e8:3a:04:
         ae:8c:61:db:a0:d2:13:c0:ff:5c:f3:20:b7:c0:96:a6:fa:a0:
         14:c2:07:a2:cf:6b:8e:df:ea:24:1e:7b:8e:bb:dc:3e:de:59:
         31:cd:3a:2c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzTC3yBadXO6ukCZDrOYQHRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjYwMzA5MTQ0MTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjM0Mjk3NGZlZmYwZWFiNWY1NjUzN2NlZmIwMTcyNDRiZDk4ODljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyMvq8EHSFKq3NmcSS/OA2RIShMkB
ZNkvOWQ3yOkVXPGj8JuRTlkjU51QcYxbCtqT+ms6UQHWc6KgPqptAbJphqndvuat
k+/cScAgPgOv8QlNdDNao24z1u3iLrrxaL8W2G3hDlGza8jOwB+VSJDnXHqfAVp7
p2AZiQOEijfUg24pr+HFxqZVoAxpJy3BuBCN2jmxuC1cLgwVNv9Pvon56ai4/6Rf
rSh4lENXLfM42EDi3C514UO58gRtMDEp9k4tChhfy31kyuDSpFijtKy1zWxORBcD
v6h+vhabdh8g421kb2XAa8AvjWKRyDG1VceBxEMBblVfe9rDN8cdJeyShQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOI0KXT+/w6rX1ZTfO+wFyRL2YicMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvNGpRcGRQN19EcXRmVmxOODc3QVhKRXZaaUp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBk1oCMA0G
CSqGSIb3DQEBCwUAA4IBAQC5ddSwZW+lTtqVdkKtKwvHf46U1XX1/4GOQRTzNhQ6
VsbKjWYkbIyfKmnIDMc1jYaQp/eVhm6EUFttKVbHUnErnMp5r37z1vKDCfstjbFA
iCXTbwfqIxO+C2pLx4xNV3gPw7ZwX/OqlQkJgpZnp8C5V0jFaUWEUKb90Khn8DMu
8kFT37HWdYXOoy61y8byHHnkccC1GAYIDwei8yfTs/EMMAOYAaxg8NCFZvTmJBTZ
SHRJ+0hDnxl9Nvx8/p0+VYmNwlb6YnHEA1AStw9zfoK8tdsS3yboOgSujGHboNIT
wP9c8yC3wJam+qAUwgeiz2uO3+okHnuOu9w+3lkxzTos
-----END CERTIFICATE-----